Security Education Conference Toronto Canada - SecTor

October 25-27, 2010
MTCC, Toronto, ON, Canada
 

SecTor Management and the Advisory Committee are bringing to Toronto the world's best speakers in the field of IT Security. The first round of Speaker Selections has been announced! Second Round selections are currently underway.

Reza Alirezaei
James Arlen
Christopher Boyd
Marisa Fagan
Pete Herzog
Chris Hoff
Sahba Kazerooni
Mike Kemp
Jason Lam
Zach Lanier
Rafal Los
HD Moore
Nick Owen
Christopher Pogue
Subu Ramanathan
Andrés Pablo Riancho
Ben Sapiro
Len Sassaman
Mike Zusman
Second Round TBD

Reza Alirezaei

Reza Alirezaei is an author and SharePoint MVP, focused on building custom solutions on top of SharePoint, Office, and Microsoft Business Intelligence platforms. As a technical leader with over 10 years of experience in software, he has helped many development teams architect and build large-scale, mission-critical applications. In addition to consulting, Reza is an instructor and speaker. He speaks at many local and international conferences. Reza frequently blogs at http://blogs.devhorizon.com/reza


James Arlen

James Arlen, CISA, is a security consultant most recently engaged as the CISO of a mid-market publicly traded financial institution. He has been involved with implementing a practical level of information security in Fortune 500, TSE 100, and major public-sector corporations for more than a decade. James has a recurring column on Liquidmatrix Security Digest. His areas of interest include organizational change, social engineering, blinky lights and shiny things.


Christopher Boyd

Mr. Boyd is a Senior Threat Researcher for Sunbelt Software, a six-time Microsoft MVP in Consumer Security and former Director of Research of FaceTime Security Labs. He's also been thanked by Google for his contributions to responsible disclosure. Mr. Boyd has made numerous finds in security, mainly in the area of social networks and the threats posed by console gaming. Notable discoveries include a Myspace exploit that allowed users to track profile visitors, an ImageShack flaw that let you view the IP address of uploaders, the first worm on the Orkut network and the first example of a rogue web browser installed without permission via an IM hijack.


Marisa Fagan

Marisa Fagan is a Security Project Manager, responsible for managing security research and consulting engagements. She specializes in rapid development of network security tools and is recognized for her research in threat modeling and identity theft. Ms. Fagan has presented her work at SummerCon 2009 in Atlanta, Georgia and at SecurityBSides 2009 in Las Vegas, Nevada. Additionally, Ms. Fagan is active in the information security community through the Atlanta Chapter of NAISG.


Pete Herzog

Peter co-founded ISECOM (www.isecom.org), an open, non-profit research organization with over 7000 members; created the OSSTMM (version 3 to be released early June); created Hacker Highschool (www.hackerhighschool.org); and created the Bad People Project (www.badpeopleproject.org).


Chris Hoff

Chris Hoff has over 19 years of experience in high-profile global roles in network and information security architecture, engineering, operations, product management and marketing with a passion for virtualization and all things Cloud.

Hoff is currently Director of Cloud and Virtualization Solutions of the Security Technology Business Unit at Cisco Systems. Prior to Cisco, he was Unisys Corporation’s Systems & Technology Division’s Chief Security Architect. Additionally, he served as Crossbeam Systems' Chief Security Strategist, was the Chief Information Security Officer for a $25 billion financial services company, and was founder/Chief Technology Officer of a national security consultancy. Hoff regularly speaks at high-profile conferences, is interviewed regularly by the media, is a featured guest on numerous podcasts, and blogs at http://www.rationalsurvivability.com/blog. Hoff is a CISSP, CISA, CISM and NSA IAM. He was twice nominated as the Information Security Executive of the Year and won the Security 7 award in Financial Services in 2005.


Sahba Kazerooni

Sahba Kazerooni is a Principal Consultant at Security Compass, a consulting and training firm specializing in application security. At Security Compass he harvests his blend of development and security knowledge in threat modeling, runtime security assessment, and source code review of client applications while at the same time leveraging his field experience to deliver Security Compass' one-of-a-kind training curriculum. Sahba is also an internationally-renowned speaker on security topics. He has presented at conferences around the world; he delivers Java secure coding training at the SANS Institute; and he has also provided numerous presentations through ISC2 to their elite network of certified information security professionals.


Mike Kemp

Michael is an experienced UK-based security consultant, with a specialization in the penetration testing of web applications and the testing of compiled code bases and DB environments to destruction. As well as the day job, Michael has been published in a range of journals and magazines, including heise, Network Security, Inform IT and Security Focus. To date, Michael has worked for NGS Software, CSC (Computer Sciences Corporation), British Telecom, and a host of freelance clients throughout the globe. Presently, Mike is working in a day job for Xiphos Research Labs. When not breaking things, Michael enjoys loud music, bad movies, weird books and writing about himself in the third person. Mike has previously presented at security conferences in Jakarta, Hawaii, New York, Los Angeles, Warsaw, Prague, Holland, Zagreb and London (on subjects as diverse as virtualisation, malware, and why the government suck), and is always keen to embarrass himself in new and exotic locales.


Jason Lam

Jason Lam is an experienced information security professional who is actively involved in the global security community. He frequently speaks at various security events preaching information security to IT professionals with the hopes of improving the current state of the information security field. Jason also has heavy involvement in the SANS Institute, the most trusted organization in information security. He has written multiple courseware for SANS and is also involved in the GIAC certification process, which certifies information security professionals.


Zach Lanier

Zach is a Senior Consultant with the Intrepidus Group, specializing in network and web application penetration testing. He has performed security assessments for numerous clients, including Fortune 500 companies and higher education institutions. Prior to joining Intrepidus Group’s professional services team, Zach served as Senior Network Security Analyst at Harvard Business School, and Security Assessment Practice Manager at Rapid7. Zach has also presented at the MIS Training Institute's InfoSec World, IT Security World, and FinSec conferences, as well as Boston-area security professionals' groups, on topics such as open source security tools, security in virtualized environments, and vulnerability disclosure.


Rafal Los

Rafal "Raf" Los is a web application security evangelist for the HP Software & Solutions business at HP. Los is responsible for bridging the gaps between security technologies and business needs to reduce enterprise risks and create embedded, lasting solutions on behalf of the HP Application Security Center group. He has spent over 10 years in various facets of information security and data protection, building programs at companies ranging from startups to Fortune 50 enterprises. Additionally, Los helped to write the first release of the Open Web Application Security Project (OWASP) testing guide.

Prior to joining HP, Los led the web application security program and served as a security lead at General Electric (GE) Consumer Finance. Los also worked with GE Power systems, leading security engineering, architecture and building the web application security program. Before GE, Los helped build a service-oriented security consulting company and was among the first 25 employees in a successful financial-based startup, leading internet-facing systems and security management and architecture.

Raf received his B.S. in Computer Information Systems from Concordia University, River Forest, Ill.


HD Moore

HD is Chief Security Officer at Rapid7 and Chief Architect of Metasploit, the leading open-source penetration testing platform. HD founded the Metasploit Project in the summer of 2003 with the goal of becoming a public resource for exploit code research and development. Prior to joining Rapid7 and continuing his work on the Metasploit Framework, HD was the Director of Security Research at BreakingPoint Systems, where he focused on the content and security testing features of the BreakingPoint product line. Prior to BreakingPoint, HD spent seven years providing vulnerability assessments, leading penetration tests, and developing exploit code.


Nick Owen

Nick Owen is a co-founder and CEO of WiKID Systems, Inc. WiKID has created a unique dual-source two-factor authentication system that uses public-key cryptography instead of the typical shared-secrets found in most systems. WiKID is Nick's fourth startup. Nick was also an Entrepreneur-in-residence at the Advanced Technology Development Center in Atlanta. He is a graduate of the University of Virginia with an MBA from the University of Georgia. Nick helped design and architect WiKID's two-factor authentication system and mutual HTTPS authentication system. Nick is the author of most of WiKID's technical white papers and tutorials, and has integrated two-factor authentication systems with solutions such as Apache, OpenVPN, Astaro, Cisco, F5, Netgear and others. Many of his tutorials can be found on http://www.howtoforge.net.


Christopher Pogue

Chris Pogue is a Senior Security Analyst for the Spiderlabs Incident Response and Digital Forensics team at Trustwave. He has over ten years of administrative and security experience including three years on the IBM ISS X-Force Emergency Response Services Team, five years with IBM’s Ethical Hacking Team, and 13 years of Active Military service in the US Army Signal Corps. During his professional career, Chris worked with some of the largest organizations in the world. Chris is also a former US Army Warrant Officer and has worked with the Army Reserve Information Operations Command on Joint Task Force missions with the National Security Agency, Department of Homeland Security, Regional Computer Emergency Response Team - Continental United States, and the Joint Intelligence Center-Pacific. Chris attended Forensics training at Carnegie Mellon University in Pittsburgh, Pennsylvania, and was the ARIOC primary instructor for UNIX, Networking, and Incident Response for all CMU sponsored courses. Chris also has worked with local, state, and federal law enforcement agencies such as the Broken Arrow Police Department, The Coral Springs Police Department, The Sandy Springs Police Department, The New York Police Department, The Federal Bureau of Investigation, the Royal Canadian Mounted Police, and The United States Secret Service to help pursue the digital evidence left behind by criminals of all types. His efforts have led to arrests and convictions in Oklahoma, New York, Florida, and Munich, Germany. Chris has given presentations on Cyber-Crime and digital forensics at SANS, The Computer Forensics Show, SecTor, The Direct Response Forum, and The USSS Electronic Crimes Task Force Conference.

Chris holds a Bachelor's Degree in Business Management, a Master’s degree in Information Security, is a Certified Information Systems Security Professional (CISSP), a Certified Ethical Hacker (CEH), a Certified Reverse Engineering Analyst (CREA), a GIAC Certified Forensics Analyst (GCFA), and a VISA PCI DSS Qualified Security Assessor (QSA). Chris is also the primary author of the book, “Unix and Linux Forensic Analysis”, from Syngress/Elsevier. Chris’s book is currently being used as a textbook at Saginaw Valley State University and Illinois State University for their computer forensics courses.


Subu Ramanathan

Subu Ramanathan is a security consultant with Security Compass. With his wide array of experience in application vulnerability assessments, penetration testing and source code review, Subu plays a valuable part in Security Compass’s Software Assessment Service practice. With reinforced fundamentals in software development, Subu brings to the table a sound understanding of the Software Development Life Cycle (SDLC). Subu is also involved in developing content for various Java-based, developer-focused security training courses including one offered by the SANS Institute.

Prior to Security Compass his professional experiences included working on the Windows Vista graphic driver quality assurance team at Advanced Micro Devices. During this period he played an integral part in devising and developing a whole range of testing suites to widen the scope of driver quality.

Subu joined Security Compass after finishing his Computer Engineering degree at University of Toronto (UofT). During his years at UofT, his primary areas of specialization included advanced SDLC research, software and network security.


Andrés Pablo Riancho

Andrés Riancho is an information security researcher and founder of Bonsai, where he is mainly involved in Penetration Testing and Vulnerability Research. In the research field, he discovered critical vulnerabilities in IPS appliances from 3Com and ISS, and contributed to SAP research performed at his former employer.

His main focus has always been the Web Application Security field, in which he developed w3af, a Web Application Attack and Audit Framework used extensively by penetration testers and security consultants. Andrés has spoken and held trainings at many security conferences around the globe, like SecTor (Canada), FRHACK (France), OWASP (Poland), CONFidence (Poland), OWASP World C0n (USA), CanSecWest (Canada), T2 (Finland) and ekoparty (Buenos Aires).

Andrés founded Bonsai in 2009 in order to further research into automated Web Application Vulnerability detection and exploitation.


Ben Sapiro

Ben Sapiro - Research Director, Security Practices at TELUS Security Labs - is a reformed security consultant with a background in secure software and a passing interest in federation and identity management.

Before focusing on security research, Ben worked for over ten years as a security consultant with global clients in North America, Europe, the Middle East and Asia. Ben's security experience includes security audits, ethical hacking, infrastructure work, threat modeling, secure development, secure architecture, social engineering and application testing.

In his spare time, Ben participates in the Cloud Audit Working Group, an emerging cloud security standard.


Len Sassaman

Len is a doctoral student in Electrical Engineering. His research is centered around the topic of privacy enhancing technologies. In particular, he is focused on both attacking and defending anonymous communication systems, exploring the applicability of information-theoretic secure systems for privacy solutions, and designing protocols which satisfy the specific needs of the use case for which they are applied. He has a very strong interest in the real-world applicability of his work; while some of what Len does is pure theory, he has always held the belief that if a system cannot be implemented easily or be easily understood by the implementers, its utility is limited. Similarly, he believes that usability is a security concern; systems that do not pay close attention to the human interaction factors involved risk failing to provide security by failing to attract users. Thus, Len follows closely the fields of HCI and Applied Programming as well as Information Theory, Cryptography, and Anonymity.


Mike Zusman

Mike Zusman is a Principal Consultant with the Intrepidus Group. Prior to joining Intrepidus Group, Mike held the positions of Escalation Engineer at Whale Communications (a Microsoft subsidiary), Security Program Manager at Automatic Data Processing, and lead architect and developer at a number of smaller firms. In addition to his corporate experience, Mike is an independent security researcher, and has responsibly disclosed a number of critical vulnerabilities to commercial software vendors. He has spoken at a number of top industry events including CanSecWest, Defcon, Black Hat and regional OWASP events. Mike also speaks and teaches about information security at NYU/Polytechnic University. Mike brings 11 years of security, technology, and business experience to Intrepidus Group. He is a CISSP and an active member of the OWASP foundation.


© Black Arts Illuminated Inc. 2010